
Don't permit access for anonymous user...



 
Hello, I'm new to using OpenLDAP.
My English is not correct: SORRY!!!

My boss doesn't want to publish information to everyone, but only to DNs in the server (running in standalone mode).

I would like to do something like in the future OpenLDAP 2.0:
        Access to attr=userpasswd,entry
            by self write
            by anonymous auth
            by * none

        access *
            by self write
            by anonymous none
            by * read

It is not permitted in OpenLDAP 1.x.

I thought of doing something like:
        access to attr=userpasswd,entry
            by self            write
            by *                 compare

        access to dn=".* , dc=mycompagny, dc=com"
            by dn=".*, dc=mycompagny, dc=com"    search

Nothing's right:
If I try to connect as anonymous: ldapsearch returns nothing, so that's good!
If I try to connect as rootdn: ldapsearch returns all the entries, so that's OK.
If I try to connect as a DN with the correct password: I only have access to the user entry (with all attributes), but I don't have permission on all the entries!!!!

HOW CAN I DO THIS?

Thanks for helping me!

-- 
LAMOTHE Oswaldo                         +336.10.43.20.96  
Eleve Ingenieur-Maitre                  lamothe@ifrance.com

Systemes de Telecommunications          133,Bld Deodat de Severac
et Reseaux Informatiques                31300 TOULOUSE